Posted on April 15, 2023 at 7:47 PM
Hackers behind the Western Digital breach claim to have access to 10TB of data
The threat actors linked to a data breach against the Western Digital data storage company have claimed access to 10 terabytes of data belonging to the company. The data in question includes customer information. The hackers are demanding a ransom not to release the stolen data.
Western Digital hackers claim to steal massive volumes of data
The data storage company reported a network security incident on April 3. The company said the hackers stole data after hacking into several company systems. Western Digital has shared a few details about the kind of data that the hackers accessed. In a statement, it said that it was “working to understand the nature and scope of that data.”
One of the hackers behind the exploit has shared more details on the matter with TechCrunch. The hacker shared a file that was reportedly digitally signed using the code-signing certificate from Western Digital. The hacker demonstrated that they could digitally sign files to impersonate Western Digital. This file was also authenticated by security researchers.
The hackers have also shared the phone numbers that reportedly belong to some executives at the company. Two of the phone numbers provided appeared genuine, as the voicemail greetings mentioned the names of the executives at Western Digital. These phone numbers have yet to be shared with the public.
The hacker also shared screenshots that allegedly belonged to the hacker. The screenshots contain a folder originating from a Box account that belongs to Western Digital. They also shared an internal email, files stored within a PrivateArk instance, and a screenshot of a group call where one of the participants is the chief information security officer at Western Digital.
The threat actors have also claimed that they stole data from the SAP Backoffice. The SAP Backoffice is a back-end interface that allows companies to manage their e-commerce data. According to the hacker, the objective behind breaching Western Digital’s systems was financial gain. However, they refrained from using ransomware to encrypt the stolen files.
The hacker said they wanted to give the company a chance to pay the ransom before releasing the data, adding that it appeared unwilling to part with the demanded amount. The hacker also claimed to have sent emails to several executives at the company using their personal email addresses. In these emails, the hackers demanded a “one-time payment.”
The hackers shared a copy of the email acknowledging that they were behind the breach, adding that the company needed to pay attention. The hackers also threatened that they would retaliate if the company continued to ignore their calls.
“We only need a one-time payment, and then we will leave your network and let you know about your weaknesses. No lasting harm has been done. But if there are any efforts to interfere with us, our systems, or anything else, we will strike back,” the hackers’ message said.
Hackers are still within Western Digital’s systems
The hackers later stated that they were still within the company’s network and would continue looking for more information until the company made a payment. They added that they could still hide the information and their activity and protect the company’s privacy. The hackers have also urged the company to work with them to resolve the situation.
A spokesperson from Western Digital, Charlie Smalling, said that the company was unwilling to share any information on the stolen data and whether it had contacted the hackers to resolve the matter.
One of the hackers that disclosed the breach failed to specify the kind of customer information that was stolen in the breach. The threat actors have also not provided any details on how they accessed Western Digital’s network and how they have managed to maintain access to the network.
The hacker said they exploited flaws within the company’s infrastructure and progressed to the global administrator of its Microsoft Azure tenant. The hacker noted that there was no solid plan behind attacking Western Digital, adding that the group selected its targets randomly.
The hackers have demanded payment not to release the stolen data. The hacker noted that if Western Digital failed to communicate on the issue, they would start publishing the stolen data on the website belonging to the ALPHV ransomware group. However, the hackers said they are not affiliated with ALPHV, saying they only know the group to be professional.